Title :
A paradigm for user-defined security policies
Author :
Kuhnhauser, W.E.
Author_Institution :
German Nat. Res. Center for Inf. Technol., Sankt Augustin
Abstract :
One of today´s major challenges in computer security is the ever-increasing multitude of individual, application-specific security requirements. As a positive consequence, a wide variety of security policies has been developed, each policy reflecting the specific needs of individual applications. As a negative consequence, the integration of the multitude of policies into today´s system platforms made the limitations of traditional architectural foundations of secure computer systems quite obvious. Many of the traditional architectural foundations originally aimed at supporting only a single access control policy within a single trusted system environment. This paper discusses a new paradigm to support user-defined security policies in a distributed multi-policy system. The paradigm preserves the successful properties of the traditional architectural foundations while additionally providing strong concepts for user-defined security policies. Among these concepts are policy separation, encapsulation, persistency, cooperation, and reusability. We illustrate the application of our approach in a DCE environment
Keywords :
computer network management; data encapsulation; inheritance; object-oriented methods; security of data; access control; application-dependent user-defined security policies; application-specific security requirements; computer security; confidentiality; cooperation; distributed multi-policy system; encapsulation; integrity; multi-policy environments; persistency; policy separation; reference monitor; reusability; traditional architectural foundations; user-defined security policies; Access control; Application software; Authentication; Communication system security; Computer security; Computerized monitoring; Condition monitoring; Data security; Information security; Protection;
Conference_Titel :
Reliable Distributed Systems, 1995. Proceedings., 14th Symposium on
Conference_Location :
Bad Neuenahr
Print_ISBN :
0-8186-7153-X
DOI :
10.1109/RELDIS.1995.526221